Puppet Class: profile::aptrepo::wikimedia
- Defined in:
- modules/profile/manifests/aptrepo/wikimedia.pp
Overview
SPDX-License-Identifier: Apache-2.0
@summary Provide an apt repository of local or patched Debian
packages. Packages placed in this repository must
be licensed in a way that allows Wikimedia to distribute
the software. The repository can be accessed via:
https://apt.wikimedia.org/wikimedia/
unless a failover/switchover has been performed.
# File 'modules/profile/manifests/aptrepo/wikimedia.pp', line 24
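class profile::aptrepo::wikimedia (
    Stdlib::Fqdn            $primary_server            = lookup('profile::aptrepo::wikimedia::aptrepo_server'),
    Array[Stdlib::Fqdn]     $secondary_servers         = lookup('profile::aptrepo::wikimedia::aptrepo_servers_failover'),
    # NOTE(review): $aptrepo_vhost is not referenced anywhere in this class body;
    # the HTTPS check below hard-codes 'apt.wikimedia.org' instead. Confirm whether
    # the check should follow this parameter.
    String                  $aptrepo_vhost             = lookup('profile::aptrepo::wikimedia::aptrepo_hostname'),
    Stdlib::Unixpath        $public_basedir            = lookup('profile::aptrepo::wikimedia::public_basedir'),
    Stdlib::Unixpath        $private_basedir           = lookup('profile::aptrepo::wikimedia::private_basedir'),
    Stdlib::Unixpath        $homedir                   = lookup('profile::aptrepo::wikimedia::homedir'),
    String                  $gpg_user                  = lookup('profile::aptrepo::wikimedia::gpg_user'),
    # NOTE(review): this secret is typed as a plain String, so it is not protected
    # from appearing in catalogs, reports or logs the way a Sensitive[String] value
    # would be. Changing the type requires aptrepo::ztp_juniper to accept it - confirm.
    String                  $ztp_juniper_root_password = lookup('profile::aptrepo::wikimedia::ztp_juniper_root_password'),
    Optional[String]        $gpg_pubring               = lookup('profile::aptrepo::wikimedia::gpg_pubring'),
    Optional[String]        $gpg_secring               = lookup('profile::aptrepo::wikimedia::gpg_secring'),
    Optional[Stdlib::Port]  $private_repo_port         = lookup('profile::aptrepo::wikimedia::private_port'),
    Optional[Array[String]] $upload_keys               = lookup('profile::aptrepo::wikimedia::upload_keys'),
) {
    # Sets up an APT repository host: firewall openings, the public and private
    # repositories, a root-only reprepro wrapper for the private one, TFTP and
    # Juniper ZTP classes, backups, rsync between primary and secondaries, and
    # an HTTPS check plus MOTD warnings that depend on whether this host is the
    # primary server.

    # Public repository: TCP 80 and 443. No src_sets restriction is passed here.
    firewall::service { 'aptrepos_public_http':
        proto => 'tcp',
        port  => [80, 443],
    }

    # Private repository: limited to the DOMAIN_NETWORKS and MGMT_NETWORKS sets.
    # NOTE(review): $private_repo_port is Optional; how firewall::service treats
    # an undef port is not visible here - verify that it cannot widen the rule.
    firewall::service { 'aptrepos_private_http':
        proto    => 'tcp',
        port     => $private_repo_port,
        src_sets => ['DOMAIN_NETWORKS', 'MGMT_NETWORKS'],
    }

    # The GPG keyrings are handed to aptrepo::common together with the owning user.
    # NOTE(review): $gpg_secring is presumably the repository signing key material;
    # confirm how aptrepo::common stores it (ownership and file mode).
    class { 'aptrepo::common':
        homedir     => $homedir,
        basedir     => $public_basedir,
        gpg_user    => $gpg_user,
        gpg_secring => $gpg_secring,
        gpg_pubring => $gpg_pubring,
    }

    # Public repo, served by nginx
    aptrepo::repo { 'public_apt_repository':
        basedir            => $public_basedir,
        incomingdir        => 'incoming',
        upload_keys        => $upload_keys,
        distributions_file => 'puppet:///modules/aptrepo/distributions-wikimedia',
    }

    # Private repo, served by Apache. Unlike the public repo, no upload_keys are
    # passed to this resource.
    aptrepo::repo { 'private_apt_repository':
        basedir            => $private_basedir,
        incomingdir        => 'incoming',
        distributions_file => 'puppet:///modules/aptrepo/distributions-private',
    }

    # The base directory is interpolated into a shell script that only root can
    # run. Stdlib::Unixpath does not exclude whitespace or shell metacharacters,
    # so the value is escaped before it is written into the script. For a path
    # made only of letters, digits, '/', '-', '_' and '.', the output is unchanged.
    $private_basedir_escaped = shell_escape($private_basedir)

    # The '|' end marker sits at the same column as the text so that the rendered
    # script starts at column 0; "$@" is not a Puppet variable and stays literal.
    $private_reprepro_wrapper = @("SCRIPT" /$)
        #!/bin/bash
        REPREPRO_BASE_DIR=${private_basedir_escaped} /usr/bin/reprepro "$@"
        | SCRIPT

    # Mode 0500, owned by root: readable and executable by root only.
    file { '/usr/local/sbin/private_reprepro':
        ensure  => file,
        owner   => 'root',
        group   => 'root',
        mode    => '0500',
        content => $private_reprepro_wrapper,
    }

    class { 'aptrepo::tftp': }

    include profile::backup::host

    class { 'aptrepo::ztp_juniper':
        ztp_juniper_root_password => $ztp_juniper_root_password,
    }

    # The repository data
    backup::set { 'srv-wikimedia': }

    class { 'aptrepo::rsync':
        primary_server    => $primary_server,
        secondary_servers => $secondary_servers,
    }

    # Only the primary server gets the HTTPS check; every other host gets the
    # MOTD warnings below instead.
    if $primary_server == $facts['networking']['fqdn'] {
        monitoring::service { 'https':
            description   => 'HTTPS',
            check_command => 'check_ssl_http_letsencrypt_ocsp!apt.wikimedia.org',
            notes_url     => 'https://wikitech.wikimedia.org/wiki/APT_repository',
        }
        $motd_ensure = 'absent'
    } else {
        $motd_ensure = 'present'
    }

    motd::message { '01_inactive_warning':
        ensure   => $motd_ensure,
        priority => 99,  # Use high priority to ensure this is the last message
        color    => 'red',
        message  => '*** This is not the active server DO Not USE ***',
    }

    motd::message { '02_inactive_warning':
        ensure   => $motd_ensure,
        priority => 99,  # Use high priority to ensure this is the last message
        color    => 'red',
        message  => "Please use ${primary_server} instead. It will rsync to ${facts['networking']['hostname']}",
    }
}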